Lucene search
K

251 matches found

CNNVD
CNNVD
added 2025/06/13 12:0 a.m.3 views

WordPress plugin ACF Onyx Poll 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress ACF Onyx Poll plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

6.4CVSS6AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.9 views

PT-2025-25375 · WordPress · Acf Onyx Poll

Name of the Vulnerable Software and Affected Versions: ACF Onyx Poll plugin for WordPress versions up to, and including, 1.1.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with...

6.4CVSS5.9AI score0.00231EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.10 views

CVE-2025-30930

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...

5.9CVSS5.9AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.5 views

CVE-2025-30930

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...

5.9CVSS0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:54 p.m.14 views

CVE-2025-30930 WordPress ACF: Yandex Maps Field plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...

5.9CVSS0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:54 p.m.6 views

CVE-2025-30930 WordPress ACF: Yandex Maps Field plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unreal Themes ACF: Yandex Maps Field acf-yandex-maps-field allows Stored XSS.This issue affects ACF: Yandex Maps Field: from n/a through = 1.1...

5.9CVSS5.7AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:54 p.m.43 views

CVE-2025-30930

CVE-2025-30930 is a stored XSS in Unreal Themes ACF: Yandex Maps Field. Affected: ACF: Yandex Maps Field versions from n/a up to 1.1. CVSS 3.1 base score 5.9 (Network, Low confidentiality/integrity/availability impact; user interaction required). Exploitation details and a remediated version are ...

5.9CVSS5.9AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:53 a.m.8 views

CVE-2024-23518

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

4.3CVSS6.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:5 a.m.6 views

CVE-2024-3071

The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6.6AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.5 views

CVE-2023-3957

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

4.3CVSS6.5AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.8 views

CVE-2023-1196

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

8.8CVSS7.1AI score0.0108EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.3 views

CVE-2021-24909

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.008EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:57 a.m.4 views

CVE-2015-9479

The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php...

9.8CVSS7.2AI score0.02774EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 a.m.7 views

CVE-2019-14682

The acf-better-search aka ACF: Better Search plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbsadminpage CSRF...

4.3CVSS7.1AI score0.00745EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 5:1 p.m.20 views

CVE-2025-39382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in danielpataki ACF: Google Font Selector acf-google-font-selector-field allows Reflected XSS.This issue affects ACF: Google Font Selector: from n/a through = 3.0.1...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/04/24 4:15 p.m.10 views

CVE-2025-39382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in danielpataki ACF: Google Font Selector acf-google-font-selector-field allows Reflected XSS.This issue affects ACF: Google Font Selector: from n/a through = 3.0.1...

7.1CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:8 p.m.53 views

CVE-2025-39382

CVE-2025-39382 refers to a Reflected XSS in WordPress plugin ACF: Google Font Selector (versions up to 3.0.1). The vulnerability arises from improper input neutralization during web page generation, enabling potential inline script execution in the context of the affected page. The CVSS v3.1 base...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.4 views

PT-2025-17747 · Unknown · Acf: Google Font Selector

Name of the Vulnerable Software and Affected Versions: ACF: Google Font Selector versions 3.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting XSS. This can be exploited through the ACF:...

7.1CVSS7AI score0.00235EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/03 3:55 p.m.14 views

CVE-2025-31832

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through = 1.17.0...

5.3CVSS7.2AI score0.00472EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 3:16 p.m.12 views

CVE-2025-31832

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through = 1.17.0...

5.3CVSS0.00472EPSS
Exploits0References1
Rows per page
Query Builder